runc 1.0.2 -- "Given the right lever, you can move a planet."

@cyphar cyphar released this 23 Aug 08:11

This is the second stable release in the 1.0 branch, fixing a few medium and high
priority issues, including one that affects Kubernetes using runc's libcontainer.


  • Fixed a failure to set CPU quota period in some cases on cgroup v1. (#3115)
  • Fixed the inability to start a container with the "adding seccomp filter
    rule for syscall ..." error, caused by redundant seccomp rules (i.e. those
    that have an action equal to the default one). Such redundant rules are now
    skipped. (#3129)
  • Made release builds reproducible from now on. (#3142)
  • Fixed a rare debug log race in runc init, which can result in occasional
    harmful "failed to decode ..." errors from runc run or exec. (#3130)
  • Fixed the check in the cgroup v1 systemd manager for whether a container
    needs to be frozen before Set, and added a setting to skip such freeze
    unconditionally. The previous fix for that issue, done in runc 1.0.1, was
    not working.
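
To check whether a seccomp profile contains the redundant rules described in the #3129 entry above, the following added example (not code from runc or from these release notes) lists the syscalls whose rule repeats the profile's default action. It assumes the OCI runtime-spec JSON field names and treats a missing errnoRet as EPERM (1); RedundantSyscalls and sampleProfile are names made up for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the OCI seccomp profile fields needed for this check.
type rule struct {
	Names    []string `json:"names"`
	Action   string   `json:"action"`
	ErrnoRet *uint    `json:"errnoRet"`
}
type profile struct {
	DefaultAction   string `json:"defaultAction"`
	DefaultErrnoRet *uint  `json:"defaultErrnoRet"`
	Syscalls        []rule `json:"syscalls"`
}

// errnoOf returns the effective errno; an absent value is assumed to mean
// EPERM (1), which is an assumption of this example.
func errnoOf(p *uint) uint {
	if p == nil {
		return 1
	}
	return *p
}

// RedundantSyscalls returns the syscall names whose rule has the same action
// as the default. For SCMP_ACT_ERRNO the errno value must match as well.
func RedundantSyscalls(raw []byte) ([]string, error) {
	var p profile
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, fmt.Errorf("parse seccomp profile: %w", err)
	}
	var out []string
	for _, r := range p.Syscalls {
		sameErrno := errnoOf(r.ErrnoRet) == errnoOf(p.DefaultErrnoRet)
		if r.Action == p.DefaultAction && (r.Action != "SCMP_ACT_ERRNO" || sameErrno) {
			out = append(out, r.Names...)
		}
	}
	return out, nil
}

// Constructed sample profile, not taken from the release notes.
const sampleProfile = `{"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
  {"names": ["read", "write"], "action": "SCMP_ACT_ALLOW"},
  {"names": ["ptrace", "kexec_load"], "action": "SCMP_ACT_ERRNO"},
  {"names": ["clone3"], "action": "SCMP_ACT_ERRNO", "errnoRet": 38}]}`
func main() { fmt.Println(RedundantSyscalls([]byte(sampleProfile))) }
```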

Static Linking Notices

The runc binary distributed with this release is statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However, we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai